Search criteria
11 vulnerabilities found for rsync by rsync
CVE-2025-10158 (GCVE-0-2025-10158)
Vulnerability from cvelistv5 – Published: 2025-11-18 14:24 – Updated: 2025-11-19 16:48
Title
Rsync: Out of bounds array access via negative index
Summary
A malicious client acting as the receiver of an rsync file transfer can trigger an out-of-bounds read of a heap-based buffer via a negative array index. The malicious rsync client requires at least read access to the remote rsync module in order to trigger the issue.
Severity ?
4.3 (Medium)
CWE
- CWE-129 - Improper Validation of Array Index
Assigner
References
Credits
Calum Hutton
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-10158",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-11-19T16:15:02.998218Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-11-19T16:48:56.591Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "rsync",
"vendor": "rsync",
"versions": [
{
"lessThanOrEqual": "3.4.1",
"status": "affected",
"version": "0",
"versionType": "semver"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"value": "Calum Hutton"
}
],
"datePublic": "2025-11-18T14:20:00.000Z",
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "A malicious client acting as the receiver of an rsync file transfer can trigger an out of bounds read of a heap based buffer, via a negative array index. The \n\nmalicious \n\nrsync client requires at least read access to the remote rsync module in order to trigger the issue."
}
],
"value": "A malicious client acting as the receiver of an rsync file transfer can trigger an out of bounds read of a heap based buffer, via a negative array index. The \n\nmalicious \n\nrsync client requires at least read access to the remote rsync module in order to trigger the issue."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "LOW",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-129",
"description": "CWE-129 Improper Validation of Array Index",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-11-18T14:45:58.065Z",
"orgId": "9974b330-7714-4307-a722-5648477acda7",
"shortName": "rapid7"
},
"references": [
{
"tags": [
"patch"
],
"url": "https://github.com/RsyncProject/rsync/commit/797e17fc4a6f15e3b1756538a9f812b63942686f"
},
{
"tags": [
"technical-description"
],
"url": "https://attackerkb.com/assessments/fbacb2a6-d1cd-4011-bb3a-f06b1c8306b1"
}
],
"source": {
"discovery": "UNKNOWN"
},
"timeline": [
{
"lang": "en",
"time": "2025-03-19T06:11:00.000Z",
"value": "Rapid7 makes initial outreach to rsync maintainers"
},
{
"lang": "en",
"time": "2025-03-19T10:04:00.000Z",
"value": "Rsync maintainers confirm outreach"
},
{
"lang": "en",
"time": "2025-03-20T10:34:00.000Z",
"value": "Rapid7 provides rsync maintainers a technical writeup and PoC to reproduce the issue"
},
{
"lang": "en",
"time": "2025-04-02T03:05:00.000Z",
"value": "Rapid7 requests confirmation of findings"
},
{
"lang": "en",
"time": "2025-04-06T09:30:00.000Z",
"value": "Rsync maintainers indicate more time is needed"
},
{
"lang": "en",
"time": "2025-04-16T05:31:00.000Z",
"value": "Rsync maintainers reproduce the issue and dispute its security impact due to uncertainty around viability of heap manipulation during exploitation"
},
{
"lang": "en",
"time": "2025-04-17T01:56:00.000Z",
"value": "Rapid7 indicates manipulating the heap is nuanced and CVE assignment is both prudent and best practice in this instance"
},
{
"lang": "en",
"time": "2025-05-07T09:08:00.000Z",
"value": "Rapid7 requests an update"
},
{
"lang": "en",
"time": "2025-05-12T06:08:00.000Z",
"value": "Rsync maintainers indicate a pull request to fix the issue is forthcoming"
},
{
"lang": "en",
"time": "2025-05-28T09:40:00.000Z",
"value": "Rapid7 requests an update"
},
{
"lang": "en",
"time": "2025-06-17T04:19:00.000Z",
"value": "Rapid7 requests an update"
},
{
"lang": "en",
"time": "2025-08-18T11:59:00.000Z",
"value": "Rapid7 requests an update"
},
{
"lang": "en",
"time": "2025-08-23T09:17:00.000Z",
"value": "Rsync maintainers indicate a pull request to remediate the issue has been made and a feature release is forthcoming"
},
{
"lang": "en",
"time": "2025-09-02T04:23:00.000Z",
"value": "Rapid7 indicates intention to assign a CVE and perform a coordinated disclosure with the rsync maintainers upon the upcoming feature release"
},
{
"lang": "en",
"time": "2025-09-09T11:18:00.000Z",
"value": "Rapid7 provides rsync maintainers a reserved CVE identifier and requests the date for the expected feature release"
},
{
"lang": "en",
"time": "2025-11-11T04:42:00.000Z",
"value": "Rapid7 indicates intention to publish the CVE record on November 18, 2025."
},
{
"lang": "en",
"time": "2025-11-18T14:00:00.000Z",
"value": "This disclosure"
}
],
"title": "Rsync: Out of bounds array access via negative index",
"x_generator": {
"engine": "Vulnogram 0.5.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "9974b330-7714-4307-a722-5648477acda7",
"assignerShortName": "rapid7",
"cveId": "CVE-2025-10158",
"datePublished": "2025-11-18T14:24:19.210Z",
"dateReserved": "2025-09-09T11:15:17.585Z",
"dateUpdated": "2025-11-19T16:48:56.591Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2007-6200 (GCVE-0-2007-6200)
Vulnerability from cvelistv5 – Published: 2007-12-01 01:00 – Updated: 2024-08-07 15:54
Summary
Unspecified vulnerability in rsync before 3.0.0pre6, when running a writable rsync daemon, allows remote attackers to bypass exclude, exclude_from, and filter and read or write hidden files via (1) symlink, (2) partial-dir, (3) backup-dir, and unspecified (4) dest options.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T15:54:27.082Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "28412",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/28412"
},
{
"name": "ADV-2007-4057",
"tags": [
"vdb-entry",
"x_refsource_VUPEN",
"x_transferred"
],
"url": "http://www.vupen.com/english/advisories/2007/4057"
},
{
"name": "APPLE-SA-2008-07-31",
"tags": [
"vendor-advisory",
"x_refsource_APPLE",
"x_transferred"
],
"url": "http://lists.apple.com/archives/security-announce//2008/Jul/msg00003.html"
},
{
"name": "RHSA-2011:0999",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "http://www.redhat.com/support/errata/RHSA-2011-0999.html"
},
{
"name": "26639",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/26639"
},
{
"name": "ADV-2008-2268",
"tags": [
"vdb-entry",
"x_refsource_VUPEN",
"x_transferred"
],
"url": "http://www.vupen.com/english/advisories/2008/2268"
},
{
"name": "27853",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/27853"
},
{
"name": "20080212 FLEA-2008-0004-1 rsync",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "http://www.securityfocus.com/archive/1/487991/100/0/threaded"
},
{
"name": "27863",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/27863"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://wiki.rpath.com/wiki/Advisories:rPSA-2007-0257"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://rsync.samba.org/security.html#s3_0_0"
},
{
"name": "28457",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/28457"
},
{
"name": "MDVSA-2008:011",
"tags": [
"vendor-advisory",
"x_refsource_MANDRIVA",
"x_transferred"
],
"url": "http://www.mandriva.com/en/security/advisories?name=MDVSA-2008:011"
},
{
"name": "31326",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/31326"
},
{
"name": "1019012",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK",
"x_transferred"
],
"url": "http://securitytracker.com/id?1019012"
},
{
"name": "SUSE-SR:2008:001",
"tags": [
"vendor-advisory",
"x_refsource_SUSE",
"x_transferred"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2008-01/msg00002.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2007-11-28T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Unspecified vulnerability in rsync before 3.0.0pre6, when running a writable rsync daemon, allows remote attackers to bypass exclude, exclude_from, and filter and read or write hidden files via (1) symlink, (2) partial-dir, (3) backup-dir, and unspecified (4) dest options."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-10-15T20:57:01",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "28412",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/28412"
},
{
"name": "ADV-2007-4057",
"tags": [
"vdb-entry",
"x_refsource_VUPEN"
],
"url": "http://www.vupen.com/english/advisories/2007/4057"
},
{
"name": "APPLE-SA-2008-07-31",
"tags": [
"vendor-advisory",
"x_refsource_APPLE"
],
"url": "http://lists.apple.com/archives/security-announce//2008/Jul/msg00003.html"
},
{
"name": "RHSA-2011:0999",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "http://www.redhat.com/support/errata/RHSA-2011-0999.html"
},
{
"name": "26639",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/26639"
},
{
"name": "ADV-2008-2268",
"tags": [
"vdb-entry",
"x_refsource_VUPEN"
],
"url": "http://www.vupen.com/english/advisories/2008/2268"
},
{
"name": "27853",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/27853"
},
{
"name": "20080212 FLEA-2008-0004-1 rsync",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "http://www.securityfocus.com/archive/1/487991/100/0/threaded"
},
{
"name": "27863",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/27863"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://wiki.rpath.com/wiki/Advisories:rPSA-2007-0257"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://rsync.samba.org/security.html#s3_0_0"
},
{
"name": "28457",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/28457"
},
{
"name": "MDVSA-2008:011",
"tags": [
"vendor-advisory",
"x_refsource_MANDRIVA"
],
"url": "http://www.mandriva.com/en/security/advisories?name=MDVSA-2008:011"
},
{
"name": "31326",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/31326"
},
{
"name": "1019012",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK"
],
"url": "http://securitytracker.com/id?1019012"
},
{
"name": "SUSE-SR:2008:001",
"tags": [
"vendor-advisory",
"x_refsource_SUSE"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2008-01/msg00002.html"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2007-6200",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Unspecified vulnerability in rsync before 3.0.0pre6, when running a writable rsync daemon, allows remote attackers to bypass exclude, exclude_from, and filter and read or write hidden files via (1) symlink, (2) partial-dir, (3) backup-dir, and unspecified (4) dest options."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "28412",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/28412"
},
{
"name": "ADV-2007-4057",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2007/4057"
},
{
"name": "APPLE-SA-2008-07-31",
"refsource": "APPLE",
"url": "http://lists.apple.com/archives/security-announce//2008/Jul/msg00003.html"
},
{
"name": "RHSA-2011:0999",
"refsource": "REDHAT",
"url": "http://www.redhat.com/support/errata/RHSA-2011-0999.html"
},
{
"name": "26639",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/26639"
},
{
"name": "ADV-2008-2268",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2008/2268"
},
{
"name": "27853",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/27853"
},
{
"name": "20080212 FLEA-2008-0004-1 rsync",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/487991/100/0/threaded"
},
{
"name": "27863",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/27863"
},
{
"name": "http://wiki.rpath.com/wiki/Advisories:rPSA-2007-0257",
"refsource": "CONFIRM",
"url": "http://wiki.rpath.com/wiki/Advisories:rPSA-2007-0257"
},
{
"name": "http://rsync.samba.org/security.html#s3_0_0",
"refsource": "CONFIRM",
"url": "http://rsync.samba.org/security.html#s3_0_0"
},
{
"name": "28457",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/28457"
},
{
"name": "MDVSA-2008:011",
"refsource": "MANDRIVA",
"url": "http://www.mandriva.com/en/security/advisories?name=MDVSA-2008:011"
},
{
"name": "31326",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/31326"
},
{
"name": "1019012",
"refsource": "SECTRACK",
"url": "http://securitytracker.com/id?1019012"
},
{
"name": "SUSE-SR:2008:001",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-security-announce/2008-01/msg00002.html"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2007-6200",
"datePublished": "2007-12-01T01:00:00",
"dateReserved": "2007-11-30T00:00:00",
"dateUpdated": "2024-08-07T15:54:27.082Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2007-6199 (GCVE-0-2007-6199)
Vulnerability from cvelistv5 – Published: 2007-12-01 01:00 – Updated: 2024-08-07 15:54
Summary
rsync before 3.0.0pre6, when running a writable rsync daemon that is not using chroot, allows remote attackers to access restricted files via unknown vectors that cause rsync to create a symlink that points outside of the module's hierarchy.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T15:54:27.071Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "28412",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/28412"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://support.f5.com/kb/en-us/solutions/public/15000/500/sol15549.html"
},
{
"name": "ADV-2007-4057",
"tags": [
"vdb-entry",
"x_refsource_VUPEN",
"x_transferred"
],
"url": "http://www.vupen.com/english/advisories/2007/4057"
},
{
"name": "APPLE-SA-2008-07-31",
"tags": [
"vendor-advisory",
"x_refsource_APPLE",
"x_transferred"
],
"url": "http://lists.apple.com/archives/security-announce//2008/Jul/msg00003.html"
},
{
"name": "ADV-2008-2268",
"tags": [
"vdb-entry",
"x_refsource_VUPEN",
"x_transferred"
],
"url": "http://www.vupen.com/english/advisories/2008/2268"
},
{
"name": "27853",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/27853"
},
{
"name": "20080212 FLEA-2008-0004-1 rsync",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "http://www.securityfocus.com/archive/1/487991/100/0/threaded"
},
{
"name": "27863",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/27863"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://wiki.rpath.com/wiki/Advisories:rPSA-2007-0257"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://rsync.samba.org/security.html#s3_0_0"
},
{
"name": "61005",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/61005"
},
{
"name": "28457",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/28457"
},
{
"name": "MDVSA-2008:011",
"tags": [
"vendor-advisory",
"x_refsource_MANDRIVA",
"x_transferred"
],
"url": "http://www.mandriva.com/en/security/advisories?name=MDVSA-2008:011"
},
{
"name": "31326",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/31326"
},
{
"name": "26638",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/26638"
},
{
"name": "1019012",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK",
"x_transferred"
],
"url": "http://securitytracker.com/id?1019012"
},
{
"name": "SUSE-SR:2008:001",
"tags": [
"vendor-advisory",
"x_refsource_SUSE",
"x_transferred"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2008-01/msg00002.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2007-11-28T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "rsync before 3.0.0pre6, when running a writable rsync daemon that is not using chroot, allows remote attackers to access restricted files via unknown vectors that cause rsync to create a symlink that points outside of the module\u0027s hierarchy."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-10-15T20:57:01",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "28412",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/28412"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://support.f5.com/kb/en-us/solutions/public/15000/500/sol15549.html"
},
{
"name": "ADV-2007-4057",
"tags": [
"vdb-entry",
"x_refsource_VUPEN"
],
"url": "http://www.vupen.com/english/advisories/2007/4057"
},
{
"name": "APPLE-SA-2008-07-31",
"tags": [
"vendor-advisory",
"x_refsource_APPLE"
],
"url": "http://lists.apple.com/archives/security-announce//2008/Jul/msg00003.html"
},
{
"name": "ADV-2008-2268",
"tags": [
"vdb-entry",
"x_refsource_VUPEN"
],
"url": "http://www.vupen.com/english/advisories/2008/2268"
},
{
"name": "27853",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/27853"
},
{
"name": "20080212 FLEA-2008-0004-1 rsync",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "http://www.securityfocus.com/archive/1/487991/100/0/threaded"
},
{
"name": "27863",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/27863"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://wiki.rpath.com/wiki/Advisories:rPSA-2007-0257"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://rsync.samba.org/security.html#s3_0_0"
},
{
"name": "61005",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/61005"
},
{
"name": "28457",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/28457"
},
{
"name": "MDVSA-2008:011",
"tags": [
"vendor-advisory",
"x_refsource_MANDRIVA"
],
"url": "http://www.mandriva.com/en/security/advisories?name=MDVSA-2008:011"
},
{
"name": "31326",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/31326"
},
{
"name": "26638",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/26638"
},
{
"name": "1019012",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK"
],
"url": "http://securitytracker.com/id?1019012"
},
{
"name": "SUSE-SR:2008:001",
"tags": [
"vendor-advisory",
"x_refsource_SUSE"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2008-01/msg00002.html"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2007-6199",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "rsync before 3.0.0pre6, when running a writable rsync daemon that is not using chroot, allows remote attackers to access restricted files via unknown vectors that cause rsync to create a symlink that points outside of the module\u0027s hierarchy."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "28412",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/28412"
},
{
"name": "http://support.f5.com/kb/en-us/solutions/public/15000/500/sol15549.html",
"refsource": "CONFIRM",
"url": "http://support.f5.com/kb/en-us/solutions/public/15000/500/sol15549.html"
},
{
"name": "ADV-2007-4057",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2007/4057"
},
{
"name": "APPLE-SA-2008-07-31",
"refsource": "APPLE",
"url": "http://lists.apple.com/archives/security-announce//2008/Jul/msg00003.html"
},
{
"name": "ADV-2008-2268",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2008/2268"
},
{
"name": "27853",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/27853"
},
{
"name": "20080212 FLEA-2008-0004-1 rsync",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/487991/100/0/threaded"
},
{
"name": "27863",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/27863"
},
{
"name": "http://wiki.rpath.com/wiki/Advisories:rPSA-2007-0257",
"refsource": "CONFIRM",
"url": "http://wiki.rpath.com/wiki/Advisories:rPSA-2007-0257"
},
{
"name": "http://rsync.samba.org/security.html#s3_0_0",
"refsource": "CONFIRM",
"url": "http://rsync.samba.org/security.html#s3_0_0"
},
{
"name": "61005",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/61005"
},
{
"name": "28457",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/28457"
},
{
"name": "MDVSA-2008:011",
"refsource": "MANDRIVA",
"url": "http://www.mandriva.com/en/security/advisories?name=MDVSA-2008:011"
},
{
"name": "31326",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/31326"
},
{
"name": "26638",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/26638"
},
{
"name": "1019012",
"refsource": "SECTRACK",
"url": "http://securitytracker.com/id?1019012"
},
{
"name": "SUSE-SR:2008:001",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-security-announce/2008-01/msg00002.html"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2007-6199",
"datePublished": "2007-12-01T01:00:00",
"dateReserved": "2007-11-30T00:00:00",
"dateUpdated": "2024-08-07T15:54:27.071Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2007-4091 (GCVE-0-2007-4091)
Vulnerability from cvelistv5 – Published: 2007-08-16 00:00 – Updated: 2024-08-07 14:46
Summary
Multiple off-by-one errors in the sender.c in rsync 2.6.9 might allow remote attackers to execute arbitrary code via directory names that are not properly handled when calling the f_name function.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T14:46:38.629Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "27896",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/27896"
},
{
"name": "GLSA-200709-13",
"tags": [
"vendor-advisory",
"x_refsource_GENTOO",
"x_transferred"
],
"url": "http://security.gentoo.org/glsa/glsa-200709-13.xml"
},
{
"name": "26822",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/26822"
},
{
"name": "rsync-fname-bo(36072)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/36072"
},
{
"name": "USN-500-1",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU",
"x_transferred"
],
"url": "http://www.ubuntu.com/usn/usn-500-1"
},
{
"name": "26493",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/26493"
},
{
"name": "61039",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/61039"
},
{
"name": "26634",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/26634"
},
{
"name": "SUSE-SR:2007:017",
"tags": [
"vendor-advisory",
"x_refsource_SUSE",
"x_transferred"
],
"url": "http://www.novell.com/linux/security/advisories/2007_17_sr.html"
},
{
"name": "26543",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/26543"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://issues.rpath.com/browse/RPL-1647"
},
{
"name": "20070823 FLEA-2007-0047-1 rsync",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "http://www.securityfocus.com/archive/1/477628/100/0/threaded"
},
{
"name": "DSA-1360",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN",
"x_transferred"
],
"url": "http://www.debian.org/security/2007/dsa-1360"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://article.gmane.org/gmane.linux.debian.devel.bugs.general/291908"
},
{
"name": "SSA:2007-335-01",
"tags": [
"vendor-advisory",
"x_refsource_SLACKWARE",
"x_transferred"
],
"url": "http://slackware.com/security/viewer.php?l=slackware-security\u0026y=2007\u0026m=slackware-security.481089"
},
{
"name": "2007-0026",
"tags": [
"vendor-advisory",
"x_refsource_TRUSTIX",
"x_transferred"
],
"url": "http://www.trustix.org/errata/2007/0026/"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://c-skills.blogspot.com/2007/08/cve-2007-4091.html"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://support.f5.com/kb/en-us/solutions/public/15000/500/sol15548.html"
},
{
"name": "25336",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/25336"
},
{
"name": "26537",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/26537"
},
{
"name": "ADV-2007-2915",
"tags": [
"vdb-entry",
"x_refsource_VUPEN",
"x_transferred"
],
"url": "http://www.vupen.com/english/advisories/2007/2915"
},
{
"name": "26518",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/26518"
},
{
"name": "26548",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/26548"
},
{
"name": "26911",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/26911"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2007-08-15T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Multiple off-by-one errors in the sender.c in rsync 2.6.9 might allow remote attackers to execute arbitrary code via directory names that are not properly handled when calling the f_name function."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-10-15T20:57:01",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "27896",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/27896"
},
{
"name": "GLSA-200709-13",
"tags": [
"vendor-advisory",
"x_refsource_GENTOO"
],
"url": "http://security.gentoo.org/glsa/glsa-200709-13.xml"
},
{
"name": "26822",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/26822"
},
{
"name": "rsync-fname-bo(36072)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/36072"
},
{
"name": "USN-500-1",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU"
],
"url": "http://www.ubuntu.com/usn/usn-500-1"
},
{
"name": "26493",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/26493"
},
{
"name": "61039",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/61039"
},
{
"name": "26634",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/26634"
},
{
"name": "SUSE-SR:2007:017",
"tags": [
"vendor-advisory",
"x_refsource_SUSE"
],
"url": "http://www.novell.com/linux/security/advisories/2007_17_sr.html"
},
{
"name": "26543",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/26543"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://issues.rpath.com/browse/RPL-1647"
},
{
"name": "20070823 FLEA-2007-0047-1 rsync",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "http://www.securityfocus.com/archive/1/477628/100/0/threaded"
},
{
"name": "DSA-1360",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN"
],
"url": "http://www.debian.org/security/2007/dsa-1360"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://article.gmane.org/gmane.linux.debian.devel.bugs.general/291908"
},
{
"name": "SSA:2007-335-01",
"tags": [
"vendor-advisory",
"x_refsource_SLACKWARE"
],
"url": "http://slackware.com/security/viewer.php?l=slackware-security\u0026y=2007\u0026m=slackware-security.481089"
},
{
"name": "2007-0026",
"tags": [
"vendor-advisory",
"x_refsource_TRUSTIX"
],
"url": "http://www.trustix.org/errata/2007/0026/"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://c-skills.blogspot.com/2007/08/cve-2007-4091.html"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://support.f5.com/kb/en-us/solutions/public/15000/500/sol15548.html"
},
{
"name": "25336",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/25336"
},
{
"name": "26537",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/26537"
},
{
"name": "ADV-2007-2915",
"tags": [
"vdb-entry",
"x_refsource_VUPEN"
],
"url": "http://www.vupen.com/english/advisories/2007/2915"
},
{
"name": "26518",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/26518"
},
{
"name": "26548",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/26548"
},
{
"name": "26911",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/26911"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2007-4091",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Multiple off-by-one errors in the sender.c in rsync 2.6.9 might allow remote attackers to execute arbitrary code via directory names that are not properly handled when calling the f_name function."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "27896",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/27896"
},
{
"name": "GLSA-200709-13",
"refsource": "GENTOO",
"url": "http://security.gentoo.org/glsa/glsa-200709-13.xml"
},
{
"name": "26822",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/26822"
},
{
"name": "rsync-fname-bo(36072)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/36072"
},
{
"name": "USN-500-1",
"refsource": "UBUNTU",
"url": "http://www.ubuntu.com/usn/usn-500-1"
},
{
"name": "26493",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/26493"
},
{
"name": "61039",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/61039"
},
{
"name": "26634",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/26634"
},
{
"name": "SUSE-SR:2007:017",
"refsource": "SUSE",
"url": "http://www.novell.com/linux/security/advisories/2007_17_sr.html"
},
{
"name": "26543",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/26543"
},
{
"name": "https://issues.rpath.com/browse/RPL-1647",
"refsource": "CONFIRM",
"url": "https://issues.rpath.com/browse/RPL-1647"
},
{
"name": "20070823 FLEA-2007-0047-1 rsync",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/477628/100/0/threaded"
},
{
"name": "DSA-1360",
"refsource": "DEBIAN",
"url": "http://www.debian.org/security/2007/dsa-1360"
},
{
"name": "http://article.gmane.org/gmane.linux.debian.devel.bugs.general/291908",
"refsource": "CONFIRM",
"url": "http://article.gmane.org/gmane.linux.debian.devel.bugs.general/291908"
},
{
"name": "SSA:2007-335-01",
"refsource": "SLACKWARE",
"url": "http://slackware.com/security/viewer.php?l=slackware-security\u0026y=2007\u0026m=slackware-security.481089"
},
{
"name": "2007-0026",
"refsource": "TRUSTIX",
"url": "http://www.trustix.org/errata/2007/0026/"
},
{
"name": "http://c-skills.blogspot.com/2007/08/cve-2007-4091.html",
"refsource": "CONFIRM",
"url": "http://c-skills.blogspot.com/2007/08/cve-2007-4091.html"
},
{
"name": "http://support.f5.com/kb/en-us/solutions/public/15000/500/sol15548.html",
"refsource": "CONFIRM",
"url": "http://support.f5.com/kb/en-us/solutions/public/15000/500/sol15548.html"
},
{
"name": "25336",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/25336"
},
{
"name": "26537",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/26537"
},
{
"name": "ADV-2007-2915",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2007/2915"
},
{
"name": "26518",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/26518"
},
{
"name": "26548",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/26548"
},
{
"name": "26911",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/26911"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2007-4091",
"datePublished": "2007-08-16T00:00:00",
"dateReserved": "2007-07-30T00:00:00",
"dateUpdated": "2024-08-07T14:46:38.629Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2025-10158 (GCVE-0-2025-10158)
Vulnerability from nvd – Published: 2025-11-18 14:24 – Updated: 2025-11-19 16:48
Title
Rsync: Out of bounds array access via negative index
Summary
A malicious client acting as the receiver of an rsync file transfer can trigger an out of bounds read of a heap based buffer, via a negative array index. The malicious rsync client requires at least read access to the remote rsync module in order to trigger the issue.
Severity ?
4.3 (Medium)
CWE
- CWE-129 - Improper Validation of Array Index
Assigner
References
Credits
Calum Hutton
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-10158",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-11-19T16:15:02.998218Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-11-19T16:48:56.591Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "rsync",
"vendor": "rsync",
"versions": [
{
"lessThanOrEqual": "3.4.1",
"status": "affected",
"version": "0",
"versionType": "semver"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"value": "Calum Hutton"
}
],
"datePublic": "2025-11-18T14:20:00.000Z",
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "A malicious client acting as the receiver of an rsync file transfer can trigger an out of bounds read of a heap based buffer, via a negative array index. The \n\nmalicious \n\nrsync client requires at least read access to the remote rsync module in order to trigger the issue."
}
],
"value": "A malicious client acting as the receiver of an rsync file transfer can trigger an out of bounds read of a heap based buffer, via a negative array index. The \n\nmalicious \n\nrsync client requires at least read access to the remote rsync module in order to trigger the issue."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "LOW",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-129",
"description": "CWE-129 Improper Validation of Array Index",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-11-18T14:45:58.065Z",
"orgId": "9974b330-7714-4307-a722-5648477acda7",
"shortName": "rapid7"
},
"references": [
{
"tags": [
"patch"
],
"url": "https://github.com/RsyncProject/rsync/commit/797e17fc4a6f15e3b1756538a9f812b63942686f"
},
{
"tags": [
"technical-description"
],
"url": "https://attackerkb.com/assessments/fbacb2a6-d1cd-4011-bb3a-f06b1c8306b1"
}
],
"source": {
"discovery": "UNKNOWN"
},
"timeline": [
{
"lang": "en",
"time": "2025-03-19T06:11:00.000Z",
"value": "Rapid7 makes initial outreach to rsync maintainers"
},
{
"lang": "en",
"time": "2025-03-19T10:04:00.000Z",
"value": "Rsync maintainers confirm outreach"
},
{
"lang": "en",
"time": "2025-03-20T10:34:00.000Z",
"value": "Rapid7 provides rsync maintainers a technical writeup and PoC to reproduce the issue"
},
{
"lang": "en",
"time": "2025-04-02T03:05:00.000Z",
"value": "Rapid7 requests confirmation of findings"
},
{
"lang": "en",
"time": "2025-04-06T09:30:00.000Z",
"value": "Rsync maintainers indicate more time is needed"
},
{
"lang": "en",
"time": "2025-04-16T05:31:00.000Z",
"value": "Rsync maintainers reproduce the issue and dispute its security impact due to uncertainty around viability of heap manipulation during exploitation"
},
{
"lang": "en",
"time": "2025-04-17T01:56:00.000Z",
"value": "Rapid7 indicates manipulating the heap is nuanced and CVE assignment is both prudent and best practice in this instance"
},
{
"lang": "en",
"time": "2025-05-07T09:08:00.000Z",
"value": "Rapid7 requests an update"
},
{
"lang": "en",
"time": "2025-05-12T06:08:00.000Z",
"value": "Rsync maintainers indicate a pull request to fix the issue is forthcoming"
},
{
"lang": "en",
"time": "2025-05-28T09:40:00.000Z",
"value": "Rapid7 requests an update"
},
{
"lang": "en",
"time": "2025-06-17T04:19:00.000Z",
"value": "Rapid7 requests an update"
},
{
"lang": "en",
"time": "2025-08-18T11:59:00.000Z",
"value": "Rapid7 requests an update"
},
{
"lang": "en",
"time": "2025-08-23T09:17:00.000Z",
"value": "Rsync maintainers indicate a pull request to remediate the issue has been made and a feature release is forthcoming"
},
{
"lang": "en",
"time": "2025-09-02T04:23:00.000Z",
"value": "Rapid7 indicates intention to assign a CVE and perform a coordinated disclosure with the rsync maintainers upon the upcoming feature release"
},
{
"lang": "en",
"time": "2025-09-09T11:18:00.000Z",
"value": "Rapid7 provides rsync maintainers a reserved CVE identifier and requests the date for the expected feature release"
},
{
"lang": "en",
"time": "2025-11-11T04:42:00.000Z",
"value": "Rapid7 indicates intention to publish the CVE record on November 18, 2025."
},
{
"lang": "en",
"time": "2025-11-18T14:00:00.000Z",
"value": "This disclosure"
}
],
"title": "Rsync: Out of bounds array access via negative index",
"x_generator": {
"engine": "Vulnogram 0.5.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "9974b330-7714-4307-a722-5648477acda7",
"assignerShortName": "rapid7",
"cveId": "CVE-2025-10158",
"datePublished": "2025-11-18T14:24:19.210Z",
"dateReserved": "2025-09-09T11:15:17.585Z",
"dateUpdated": "2025-11-19T16:48:56.591Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2007-6200 (GCVE-0-2007-6200)
Vulnerability from nvd – Published: 2007-12-01 01:00 – Updated: 2024-08-07 15:54
Summary
Unspecified vulnerability in rsync before 3.0.0pre6, when running a writable rsync daemon, allows remote attackers to bypass exclude, exclude_from, and filter and read or write hidden files via (1) symlink, (2) partial-dir, (3) backup-dir, and unspecified (4) dest options.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T15:54:27.082Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "28412",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/28412"
},
{
"name": "ADV-2007-4057",
"tags": [
"vdb-entry",
"x_refsource_VUPEN",
"x_transferred"
],
"url": "http://www.vupen.com/english/advisories/2007/4057"
},
{
"name": "APPLE-SA-2008-07-31",
"tags": [
"vendor-advisory",
"x_refsource_APPLE",
"x_transferred"
],
"url": "http://lists.apple.com/archives/security-announce//2008/Jul/msg00003.html"
},
{
"name": "RHSA-2011:0999",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "http://www.redhat.com/support/errata/RHSA-2011-0999.html"
},
{
"name": "26639",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/26639"
},
{
"name": "ADV-2008-2268",
"tags": [
"vdb-entry",
"x_refsource_VUPEN",
"x_transferred"
],
"url": "http://www.vupen.com/english/advisories/2008/2268"
},
{
"name": "27853",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/27853"
},
{
"name": "20080212 FLEA-2008-0004-1 rsync",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "http://www.securityfocus.com/archive/1/487991/100/0/threaded"
},
{
"name": "27863",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/27863"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://wiki.rpath.com/wiki/Advisories:rPSA-2007-0257"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://rsync.samba.org/security.html#s3_0_0"
},
{
"name": "28457",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/28457"
},
{
"name": "MDVSA-2008:011",
"tags": [
"vendor-advisory",
"x_refsource_MANDRIVA",
"x_transferred"
],
"url": "http://www.mandriva.com/en/security/advisories?name=MDVSA-2008:011"
},
{
"name": "31326",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/31326"
},
{
"name": "1019012",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK",
"x_transferred"
],
"url": "http://securitytracker.com/id?1019012"
},
{
"name": "SUSE-SR:2008:001",
"tags": [
"vendor-advisory",
"x_refsource_SUSE",
"x_transferred"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2008-01/msg00002.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2007-11-28T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Unspecified vulnerability in rsync before 3.0.0pre6, when running a writable rsync daemon, allows remote attackers to bypass exclude, exclude_from, and filter and read or write hidden files via (1) symlink, (2) partial-dir, (3) backup-dir, and unspecified (4) dest options."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-10-15T20:57:01",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "28412",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/28412"
},
{
"name": "ADV-2007-4057",
"tags": [
"vdb-entry",
"x_refsource_VUPEN"
],
"url": "http://www.vupen.com/english/advisories/2007/4057"
},
{
"name": "APPLE-SA-2008-07-31",
"tags": [
"vendor-advisory",
"x_refsource_APPLE"
],
"url": "http://lists.apple.com/archives/security-announce//2008/Jul/msg00003.html"
},
{
"name": "RHSA-2011:0999",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "http://www.redhat.com/support/errata/RHSA-2011-0999.html"
},
{
"name": "26639",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/26639"
},
{
"name": "ADV-2008-2268",
"tags": [
"vdb-entry",
"x_refsource_VUPEN"
],
"url": "http://www.vupen.com/english/advisories/2008/2268"
},
{
"name": "27853",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/27853"
},
{
"name": "20080212 FLEA-2008-0004-1 rsync",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "http://www.securityfocus.com/archive/1/487991/100/0/threaded"
},
{
"name": "27863",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/27863"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://wiki.rpath.com/wiki/Advisories:rPSA-2007-0257"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://rsync.samba.org/security.html#s3_0_0"
},
{
"name": "28457",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/28457"
},
{
"name": "MDVSA-2008:011",
"tags": [
"vendor-advisory",
"x_refsource_MANDRIVA"
],
"url": "http://www.mandriva.com/en/security/advisories?name=MDVSA-2008:011"
},
{
"name": "31326",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/31326"
},
{
"name": "1019012",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK"
],
"url": "http://securitytracker.com/id?1019012"
},
{
"name": "SUSE-SR:2008:001",
"tags": [
"vendor-advisory",
"x_refsource_SUSE"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2008-01/msg00002.html"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2007-6200",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Unspecified vulnerability in rsync before 3.0.0pre6, when running a writable rsync daemon, allows remote attackers to bypass exclude, exclude_from, and filter and read or write hidden files via (1) symlink, (2) partial-dir, (3) backup-dir, and unspecified (4) dest options."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "28412",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/28412"
},
{
"name": "ADV-2007-4057",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2007/4057"
},
{
"name": "APPLE-SA-2008-07-31",
"refsource": "APPLE",
"url": "http://lists.apple.com/archives/security-announce//2008/Jul/msg00003.html"
},
{
"name": "RHSA-2011:0999",
"refsource": "REDHAT",
"url": "http://www.redhat.com/support/errata/RHSA-2011-0999.html"
},
{
"name": "26639",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/26639"
},
{
"name": "ADV-2008-2268",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2008/2268"
},
{
"name": "27853",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/27853"
},
{
"name": "20080212 FLEA-2008-0004-1 rsync",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/487991/100/0/threaded"
},
{
"name": "27863",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/27863"
},
{
"name": "http://wiki.rpath.com/wiki/Advisories:rPSA-2007-0257",
"refsource": "CONFIRM",
"url": "http://wiki.rpath.com/wiki/Advisories:rPSA-2007-0257"
},
{
"name": "http://rsync.samba.org/security.html#s3_0_0",
"refsource": "CONFIRM",
"url": "http://rsync.samba.org/security.html#s3_0_0"
},
{
"name": "28457",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/28457"
},
{
"name": "MDVSA-2008:011",
"refsource": "MANDRIVA",
"url": "http://www.mandriva.com/en/security/advisories?name=MDVSA-2008:011"
},
{
"name": "31326",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/31326"
},
{
"name": "1019012",
"refsource": "SECTRACK",
"url": "http://securitytracker.com/id?1019012"
},
{
"name": "SUSE-SR:2008:001",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-security-announce/2008-01/msg00002.html"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2007-6200",
"datePublished": "2007-12-01T01:00:00",
"dateReserved": "2007-11-30T00:00:00",
"dateUpdated": "2024-08-07T15:54:27.082Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2007-6199 (GCVE-0-2007-6199)
Vulnerability from nvd – Published: 2007-12-01 01:00 – Updated: 2024-08-07 15:54
Summary
rsync before 3.0.0pre6, when running a writable rsync daemon that is not using chroot, allows remote attackers to access restricted files via unknown vectors that cause rsync to create a symlink that points outside of the module's hierarchy.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T15:54:27.071Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "28412",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/28412"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://support.f5.com/kb/en-us/solutions/public/15000/500/sol15549.html"
},
{
"name": "ADV-2007-4057",
"tags": [
"vdb-entry",
"x_refsource_VUPEN",
"x_transferred"
],
"url": "http://www.vupen.com/english/advisories/2007/4057"
},
{
"name": "APPLE-SA-2008-07-31",
"tags": [
"vendor-advisory",
"x_refsource_APPLE",
"x_transferred"
],
"url": "http://lists.apple.com/archives/security-announce//2008/Jul/msg00003.html"
},
{
"name": "ADV-2008-2268",
"tags": [
"vdb-entry",
"x_refsource_VUPEN",
"x_transferred"
],
"url": "http://www.vupen.com/english/advisories/2008/2268"
},
{
"name": "27853",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/27853"
},
{
"name": "20080212 FLEA-2008-0004-1 rsync",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "http://www.securityfocus.com/archive/1/487991/100/0/threaded"
},
{
"name": "27863",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/27863"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://wiki.rpath.com/wiki/Advisories:rPSA-2007-0257"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://rsync.samba.org/security.html#s3_0_0"
},
{
"name": "61005",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/61005"
},
{
"name": "28457",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/28457"
},
{
"name": "MDVSA-2008:011",
"tags": [
"vendor-advisory",
"x_refsource_MANDRIVA",
"x_transferred"
],
"url": "http://www.mandriva.com/en/security/advisories?name=MDVSA-2008:011"
},
{
"name": "31326",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/31326"
},
{
"name": "26638",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/26638"
},
{
"name": "1019012",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK",
"x_transferred"
],
"url": "http://securitytracker.com/id?1019012"
},
{
"name": "SUSE-SR:2008:001",
"tags": [
"vendor-advisory",
"x_refsource_SUSE",
"x_transferred"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2008-01/msg00002.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2007-11-28T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "rsync before 3.0.0pre6, when running a writable rsync daemon that is not using chroot, allows remote attackers to access restricted files via unknown vectors that cause rsync to create a symlink that points outside of the module\u0027s hierarchy."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-10-15T20:57:01",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "28412",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/28412"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://support.f5.com/kb/en-us/solutions/public/15000/500/sol15549.html"
},
{
"name": "ADV-2007-4057",
"tags": [
"vdb-entry",
"x_refsource_VUPEN"
],
"url": "http://www.vupen.com/english/advisories/2007/4057"
},
{
"name": "APPLE-SA-2008-07-31",
"tags": [
"vendor-advisory",
"x_refsource_APPLE"
],
"url": "http://lists.apple.com/archives/security-announce//2008/Jul/msg00003.html"
},
{
"name": "ADV-2008-2268",
"tags": [
"vdb-entry",
"x_refsource_VUPEN"
],
"url": "http://www.vupen.com/english/advisories/2008/2268"
},
{
"name": "27853",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/27853"
},
{
"name": "20080212 FLEA-2008-0004-1 rsync",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "http://www.securityfocus.com/archive/1/487991/100/0/threaded"
},
{
"name": "27863",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/27863"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://wiki.rpath.com/wiki/Advisories:rPSA-2007-0257"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://rsync.samba.org/security.html#s3_0_0"
},
{
"name": "61005",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/61005"
},
{
"name": "28457",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/28457"
},
{
"name": "MDVSA-2008:011",
"tags": [
"vendor-advisory",
"x_refsource_MANDRIVA"
],
"url": "http://www.mandriva.com/en/security/advisories?name=MDVSA-2008:011"
},
{
"name": "31326",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/31326"
},
{
"name": "26638",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/26638"
},
{
"name": "1019012",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK"
],
"url": "http://securitytracker.com/id?1019012"
},
{
"name": "SUSE-SR:2008:001",
"tags": [
"vendor-advisory",
"x_refsource_SUSE"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2008-01/msg00002.html"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2007-6199",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "rsync before 3.0.0pre6, when running a writable rsync daemon that is not using chroot, allows remote attackers to access restricted files via unknown vectors that cause rsync to create a symlink that points outside of the module\u0027s hierarchy."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "28412",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/28412"
},
{
"name": "http://support.f5.com/kb/en-us/solutions/public/15000/500/sol15549.html",
"refsource": "CONFIRM",
"url": "http://support.f5.com/kb/en-us/solutions/public/15000/500/sol15549.html"
},
{
"name": "ADV-2007-4057",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2007/4057"
},
{
"name": "APPLE-SA-2008-07-31",
"refsource": "APPLE",
"url": "http://lists.apple.com/archives/security-announce//2008/Jul/msg00003.html"
},
{
"name": "ADV-2008-2268",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2008/2268"
},
{
"name": "27853",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/27853"
},
{
"name": "20080212 FLEA-2008-0004-1 rsync",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/487991/100/0/threaded"
},
{
"name": "27863",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/27863"
},
{
"name": "http://wiki.rpath.com/wiki/Advisories:rPSA-2007-0257",
"refsource": "CONFIRM",
"url": "http://wiki.rpath.com/wiki/Advisories:rPSA-2007-0257"
},
{
"name": "http://rsync.samba.org/security.html#s3_0_0",
"refsource": "CONFIRM",
"url": "http://rsync.samba.org/security.html#s3_0_0"
},
{
"name": "61005",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/61005"
},
{
"name": "28457",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/28457"
},
{
"name": "MDVSA-2008:011",
"refsource": "MANDRIVA",
"url": "http://www.mandriva.com/en/security/advisories?name=MDVSA-2008:011"
},
{
"name": "31326",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/31326"
},
{
"name": "26638",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/26638"
},
{
"name": "1019012",
"refsource": "SECTRACK",
"url": "http://securitytracker.com/id?1019012"
},
{
"name": "SUSE-SR:2008:001",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-security-announce/2008-01/msg00002.html"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2007-6199",
"datePublished": "2007-12-01T01:00:00",
"dateReserved": "2007-11-30T00:00:00",
"dateUpdated": "2024-08-07T15:54:27.071Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2007-4091 (GCVE-0-2007-4091)
Vulnerability from nvd – Published: 2007-08-16 00:00 – Updated: 2024-08-07 14:46
Summary
Multiple off-by-one errors in the sender.c in rsync 2.6.9 might allow remote attackers to execute arbitrary code via directory names that are not properly handled when calling the f_name function.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T14:46:38.629Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "27896",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/27896"
},
{
"name": "GLSA-200709-13",
"tags": [
"vendor-advisory",
"x_refsource_GENTOO",
"x_transferred"
],
"url": "http://security.gentoo.org/glsa/glsa-200709-13.xml"
},
{
"name": "26822",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/26822"
},
{
"name": "rsync-fname-bo(36072)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/36072"
},
{
"name": "USN-500-1",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU",
"x_transferred"
],
"url": "http://www.ubuntu.com/usn/usn-500-1"
},
{
"name": "26493",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/26493"
},
{
"name": "61039",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/61039"
},
{
"name": "26634",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/26634"
},
{
"name": "SUSE-SR:2007:017",
"tags": [
"vendor-advisory",
"x_refsource_SUSE",
"x_transferred"
],
"url": "http://www.novell.com/linux/security/advisories/2007_17_sr.html"
},
{
"name": "26543",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/26543"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://issues.rpath.com/browse/RPL-1647"
},
{
"name": "20070823 FLEA-2007-0047-1 rsync",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "http://www.securityfocus.com/archive/1/477628/100/0/threaded"
},
{
"name": "DSA-1360",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN",
"x_transferred"
],
"url": "http://www.debian.org/security/2007/dsa-1360"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://article.gmane.org/gmane.linux.debian.devel.bugs.general/291908"
},
{
"name": "SSA:2007-335-01",
"tags": [
"vendor-advisory",
"x_refsource_SLACKWARE",
"x_transferred"
],
"url": "http://slackware.com/security/viewer.php?l=slackware-security\u0026y=2007\u0026m=slackware-security.481089"
},
{
"name": "2007-0026",
"tags": [
"vendor-advisory",
"x_refsource_TRUSTIX",
"x_transferred"
],
"url": "http://www.trustix.org/errata/2007/0026/"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://c-skills.blogspot.com/2007/08/cve-2007-4091.html"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://support.f5.com/kb/en-us/solutions/public/15000/500/sol15548.html"
},
{
"name": "25336",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/25336"
},
{
"name": "26537",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/26537"
},
{
"name": "ADV-2007-2915",
"tags": [
"vdb-entry",
"x_refsource_VUPEN",
"x_transferred"
],
"url": "http://www.vupen.com/english/advisories/2007/2915"
},
{
"name": "26518",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/26518"
},
{
"name": "26548",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/26548"
},
{
"name": "26911",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/26911"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2007-08-15T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Multiple off-by-one errors in the sender.c in rsync 2.6.9 might allow remote attackers to execute arbitrary code via directory names that are not properly handled when calling the f_name function."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-10-15T20:57:01",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "27896",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/27896"
},
{
"name": "GLSA-200709-13",
"tags": [
"vendor-advisory",
"x_refsource_GENTOO"
],
"url": "http://security.gentoo.org/glsa/glsa-200709-13.xml"
},
{
"name": "26822",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/26822"
},
{
"name": "rsync-fname-bo(36072)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/36072"
},
{
"name": "USN-500-1",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU"
],
"url": "http://www.ubuntu.com/usn/usn-500-1"
},
{
"name": "26493",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/26493"
},
{
"name": "61039",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/61039"
},
{
"name": "26634",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/26634"
},
{
"name": "SUSE-SR:2007:017",
"tags": [
"vendor-advisory",
"x_refsource_SUSE"
],
"url": "http://www.novell.com/linux/security/advisories/2007_17_sr.html"
},
{
"name": "26543",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/26543"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://issues.rpath.com/browse/RPL-1647"
},
{
"name": "20070823 FLEA-2007-0047-1 rsync",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "http://www.securityfocus.com/archive/1/477628/100/0/threaded"
},
{
"name": "DSA-1360",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN"
],
"url": "http://www.debian.org/security/2007/dsa-1360"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://article.gmane.org/gmane.linux.debian.devel.bugs.general/291908"
},
{
"name": "SSA:2007-335-01",
"tags": [
"vendor-advisory",
"x_refsource_SLACKWARE"
],
"url": "http://slackware.com/security/viewer.php?l=slackware-security\u0026y=2007\u0026m=slackware-security.481089"
},
{
"name": "2007-0026",
"tags": [
"vendor-advisory",
"x_refsource_TRUSTIX"
],
"url": "http://www.trustix.org/errata/2007/0026/"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://c-skills.blogspot.com/2007/08/cve-2007-4091.html"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://support.f5.com/kb/en-us/solutions/public/15000/500/sol15548.html"
},
{
"name": "25336",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/25336"
},
{
"name": "26537",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/26537"
},
{
"name": "ADV-2007-2915",
"tags": [
"vdb-entry",
"x_refsource_VUPEN"
],
"url": "http://www.vupen.com/english/advisories/2007/2915"
},
{
"name": "26518",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/26518"
},
{
"name": "26548",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/26548"
},
{
"name": "26911",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/26911"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2007-4091",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Multiple off-by-one errors in the sender.c in rsync 2.6.9 might allow remote attackers to execute arbitrary code via directory names that are not properly handled when calling the f_name function."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "27896",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/27896"
},
{
"name": "GLSA-200709-13",
"refsource": "GENTOO",
"url": "http://security.gentoo.org/glsa/glsa-200709-13.xml"
},
{
"name": "26822",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/26822"
},
{
"name": "rsync-fname-bo(36072)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/36072"
},
{
"name": "USN-500-1",
"refsource": "UBUNTU",
"url": "http://www.ubuntu.com/usn/usn-500-1"
},
{
"name": "26493",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/26493"
},
{
"name": "61039",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/61039"
},
{
"name": "26634",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/26634"
},
{
"name": "SUSE-SR:2007:017",
"refsource": "SUSE",
"url": "http://www.novell.com/linux/security/advisories/2007_17_sr.html"
},
{
"name": "26543",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/26543"
},
{
"name": "https://issues.rpath.com/browse/RPL-1647",
"refsource": "CONFIRM",
"url": "https://issues.rpath.com/browse/RPL-1647"
},
{
"name": "20070823 FLEA-2007-0047-1 rsync",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/477628/100/0/threaded"
},
{
"name": "DSA-1360",
"refsource": "DEBIAN",
"url": "http://www.debian.org/security/2007/dsa-1360"
},
{
"name": "http://article.gmane.org/gmane.linux.debian.devel.bugs.general/291908",
"refsource": "CONFIRM",
"url": "http://article.gmane.org/gmane.linux.debian.devel.bugs.general/291908"
},
{
"name": "SSA:2007-335-01",
"refsource": "SLACKWARE",
"url": "http://slackware.com/security/viewer.php?l=slackware-security\u0026y=2007\u0026m=slackware-security.481089"
},
{
"name": "2007-0026",
"refsource": "TRUSTIX",
"url": "http://www.trustix.org/errata/2007/0026/"
},
{
"name": "http://c-skills.blogspot.com/2007/08/cve-2007-4091.html",
"refsource": "CONFIRM",
"url": "http://c-skills.blogspot.com/2007/08/cve-2007-4091.html"
},
{
"name": "http://support.f5.com/kb/en-us/solutions/public/15000/500/sol15548.html",
"refsource": "CONFIRM",
"url": "http://support.f5.com/kb/en-us/solutions/public/15000/500/sol15548.html"
},
{
"name": "25336",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/25336"
},
{
"name": "26537",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/26537"
},
{
"name": "ADV-2007-2915",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2007/2915"
},
{
"name": "26518",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/26518"
},
{
"name": "26548",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/26548"
},
{
"name": "26911",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/26911"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2007-4091",
"datePublished": "2007-08-16T00:00:00",
"dateReserved": "2007-07-30T00:00:00",
"dateUpdated": "2024-08-07T14:46:38.629Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
FKIE_CVE-2007-6199
Vulnerability from fkie_nvd - Published: 2007-12-01 06:46 - Updated: 2025-04-09 00:30
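Severity ?
9.3 (High) – CVSS v2 base score, vector AV:N/AC:M/Au:N/C:C/I:C/A:C, as given in the NVD record below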
Summary
rsync before 3.0.0pre6, when running a writable rsync daemon that is not using chroot, allows remote attackers to access restricted files via unknown vectors that cause rsync to create a symlink that points outside of the module's hierarchy.
References
| Source | URL | Tags | |
|---|---|---|---|
| cve@mitre.org | http://lists.apple.com/archives/security-announce//2008/Jul/msg00003.html | ||
| cve@mitre.org | http://lists.opensuse.org/opensuse-security-announce/2008-01/msg00002.html | ||
| cve@mitre.org | http://rsync.samba.org/security.html#s3_0_0 | ||
| cve@mitre.org | http://secunia.com/advisories/27853 | ||
| cve@mitre.org | http://secunia.com/advisories/27863 | Vendor Advisory | |
| cve@mitre.org | http://secunia.com/advisories/28412 | ||
| cve@mitre.org | http://secunia.com/advisories/28457 | ||
| cve@mitre.org | http://secunia.com/advisories/31326 | ||
| cve@mitre.org | http://secunia.com/advisories/61005 | ||
| cve@mitre.org | http://securitytracker.com/id?1019012 | ||
| cve@mitre.org | http://support.f5.com/kb/en-us/solutions/public/15000/500/sol15549.html | ||
| cve@mitre.org | http://wiki.rpath.com/wiki/Advisories:rPSA-2007-0257 | ||
| cve@mitre.org | http://www.mandriva.com/en/security/advisories?name=MDVSA-2008:011 | ||
| cve@mitre.org | http://www.securityfocus.com/archive/1/487991/100/0/threaded | ||
| cve@mitre.org | http://www.securityfocus.com/bid/26638 | Patch | |
| cve@mitre.org | http://www.vupen.com/english/advisories/2007/4057 | ||
| cve@mitre.org | http://www.vupen.com/english/advisories/2008/2268 | ||
| af854a3a-2127-422b-91ae-364da2661108 | http://lists.apple.com/archives/security-announce//2008/Jul/msg00003.html | ||
| af854a3a-2127-422b-91ae-364da2661108 | http://lists.opensuse.org/opensuse-security-announce/2008-01/msg00002.html | ||
| af854a3a-2127-422b-91ae-364da2661108 | http://rsync.samba.org/security.html#s3_0_0 | ||
| af854a3a-2127-422b-91ae-364da2661108 | http://secunia.com/advisories/27853 | ||
| af854a3a-2127-422b-91ae-364da2661108 | http://secunia.com/advisories/27863 | Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | http://secunia.com/advisories/28412 | ||
| af854a3a-2127-422b-91ae-364da2661108 | http://secunia.com/advisories/28457 | ||
| af854a3a-2127-422b-91ae-364da2661108 | http://secunia.com/advisories/31326 | ||
| af854a3a-2127-422b-91ae-364da2661108 | http://secunia.com/advisories/61005 | ||
| af854a3a-2127-422b-91ae-364da2661108 | http://securitytracker.com/id?1019012 | ||
| af854a3a-2127-422b-91ae-364da2661108 | http://support.f5.com/kb/en-us/solutions/public/15000/500/sol15549.html | ||
| af854a3a-2127-422b-91ae-364da2661108 | http://wiki.rpath.com/wiki/Advisories:rPSA-2007-0257 | ||
| af854a3a-2127-422b-91ae-364da2661108 | http://www.mandriva.com/en/security/advisories?name=MDVSA-2008:011 | ||
| af854a3a-2127-422b-91ae-364da2661108 | http://www.securityfocus.com/archive/1/487991/100/0/threaded | ||
| af854a3a-2127-422b-91ae-364da2661108 | http://www.securityfocus.com/bid/26638 | Patch | |
| af854a3a-2127-422b-91ae-364da2661108 | http://www.vupen.com/english/advisories/2007/4057 | ||
| af854a3a-2127-422b-91ae-364da2661108 | http://www.vupen.com/english/advisories/2008/2268 |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| slackware | slackware_linux | 8.1 | |
| slackware | slackware_linux | 9.0 | |
| slackware | slackware_linux | 9.1 | |
| slackware | slackware_linux | 10.0 | |
| slackware | slackware_linux | 10.1 | |
| slackware | slackware_linux | 10.2 | |
| slackware | slackware_linux | 11.0 | |
| slackware | slackware_linux | 12.0 | |
| rsync | rsync | 2.3.1 | |
| rsync | rsync | 2.3.2 | |
| rsync | rsync | 2.3.2_1.2alpha | |
| rsync | rsync | 2.3.2_1.2arm | |
| rsync | rsync | 2.3.2_1.2intel | |
| rsync | rsync | 2.3.2_1.2m68k | |
| rsync | rsync | 2.3.2_1.2ppc | |
| rsync | rsync | 2.3.2_1.2sparc | |
| rsync | rsync | 2.3.2_1.3 | |
| rsync | rsync | 2.4.0 | |
| rsync | rsync | 2.4.1 | |
| rsync | rsync | 2.4.3 | |
| rsync | rsync | 2.4.4 | |
| rsync | rsync | 2.4.5 | |
| rsync | rsync | 2.4.6 | |
| rsync | rsync | 2.4.8 | |
| rsync | rsync | 2.5.0 | |
| rsync | rsync | 2.5.1 | |
| rsync | rsync | 2.5.2 | |
| rsync | rsync | 2.5.3 | |
| rsync | rsync | 2.5.4 | |
| rsync | rsync | 2.5.5 | |
| rsync | rsync | 2.5.6 | |
| rsync | rsync | 2.5.7 | |
| rsync | rsync | 2.6 | |
| rsync | rsync | 2.6.1 | |
| rsync | rsync | 2.6.2 | |
| rsync | rsync | 2.6.5 | |
| rsync | rsync | 2.6.6 | |
| rsync | rsync | 2.6.7 | |
| rsync | rsync | 2.6.8 | |
| rsync | rsync | 2.6.9 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:slackware:slackware_linux:8.1:*:*:*:*:*:*:*",
"matchCriteriaId": "57F41B40-75E6-45C8-A5FB-8464C0B2D064",
"vulnerable": false
},
{
"criteria": "cpe:2.3:o:slackware:slackware_linux:9.0:*:*:*:*:*:*:*",
"matchCriteriaId": "300A6A65-05FD-401C-80F6-B5F5B1F056E0",
"vulnerable": false
},
{
"criteria": "cpe:2.3:o:slackware:slackware_linux:9.1:*:*:*:*:*:*:*",
"matchCriteriaId": "AA3D53C9-3806-45E6-8AE9-7D41280EF64C",
"vulnerable": false
},
{
"criteria": "cpe:2.3:o:slackware:slackware_linux:10.0:*:*:*:*:*:*:*",
"matchCriteriaId": "D29C5A03-A7C9-4780-BB63-CF1E874D018D",
"vulnerable": false
},
{
"criteria": "cpe:2.3:o:slackware:slackware_linux:10.1:*:*:*:*:*:*:*",
"matchCriteriaId": "B85EF0EE-3E61-4CA3-9F00-610AB2E1CFCF",
"vulnerable": false
},
{
"criteria": "cpe:2.3:o:slackware:slackware_linux:10.2:*:*:*:*:*:*:*",
"matchCriteriaId": "70440F49-AEE9-41BE-8E1A-43AB657C8E09",
"vulnerable": false
},
{
"criteria": "cpe:2.3:o:slackware:slackware_linux:11.0:*:*:*:*:*:*:*",
"matchCriteriaId": "74022B69-6557-4746-9080-24E4DDA44026",
"vulnerable": false
},
{
"criteria": "cpe:2.3:o:slackware:slackware_linux:12.0:*:*:*:*:*:*:*",
"matchCriteriaId": "2081CB54-130C-4A25-A2EE-42249DD6B3EB",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:rsync:rsync:2.3.1:*:*:*:*:*:*:*",
"matchCriteriaId": "393F7E04-2288-45FE-8971-CC1BA036CA95",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:rsync:rsync:2.3.2:*:*:*:*:*:*:*",
"matchCriteriaId": "60BF457A-B318-475D-950A-9D873C0C667C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:rsync:rsync:2.3.2_1.2alpha:*:*:*:*:*:*:*",
"matchCriteriaId": "8CB9C4CB-09D9-4258-846D-D43C0E8E0CEA",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:rsync:rsync:2.3.2_1.2arm:*:*:*:*:*:*:*",
"matchCriteriaId": "52CA63EE-0911-44AE-9901-FE46FB659D06",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:rsync:rsync:2.3.2_1.2intel:*:*:*:*:*:*:*",
"matchCriteriaId": "AF678D2B-CD03-4A19-90B4-36448E55943E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:rsync:rsync:2.3.2_1.2m68k:*:*:*:*:*:*:*",
"matchCriteriaId": "E454C988-08A3-4269-AC6A-2A975D288C56",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:rsync:rsync:2.3.2_1.2ppc:*:*:*:*:*:*:*",
"matchCriteriaId": "12BB68EF-28DF-4326-84A3-C215005FD3D3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:rsync:rsync:2.3.2_1.2sparc:*:*:*:*:*:*:*",
"matchCriteriaId": "41DC890B-3D3D-41DB-8380-5C290B708350",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:rsync:rsync:2.3.2_1.3:*:*:*:*:*:*:*",
"matchCriteriaId": "3C0E3499-E90D-40C6-B85A-6CC2312532C9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:rsync:rsync:2.4.0:*:*:*:*:*:*:*",
"matchCriteriaId": "C23042EA-1243-4786-8F76-CDB94E5B909B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:rsync:rsync:2.4.1:*:*:*:*:*:*:*",
"matchCriteriaId": "31F7C3A4-88F3-454F-9046-CA169FF12106",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:rsync:rsync:2.4.3:*:*:*:*:*:*:*",
"matchCriteriaId": "63756B36-3D03-4C2E-A1B6-AC45B045F94F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:rsync:rsync:2.4.4:*:*:*:*:*:*:*",
"matchCriteriaId": "BDF2B595-4AF1-471E-ADFD-FF8CB6F27EA8",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:rsync:rsync:2.4.5:*:*:*:*:*:*:*",
"matchCriteriaId": "FC820774-2B62-4B91-BC1A-EF6B81DD63C3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:rsync:rsync:2.4.6:*:*:*:*:*:*:*",
"matchCriteriaId": "4329E28A-F133-414B-98E5-F117C1B73711",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:rsync:rsync:2.4.8:*:*:*:*:*:*:*",
"matchCriteriaId": "FE1E7733-4A97-4817-8192-BDAA539AD2F7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:rsync:rsync:2.5.0:*:*:*:*:*:*:*",
"matchCriteriaId": "EEB2A38C-5971-4C38-A2A8-7B8FD44C3816",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:rsync:rsync:2.5.1:*:*:*:*:*:*:*",
"matchCriteriaId": "BCD479A6-7E13-41FB-B6D9-4CBA1459083B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:rsync:rsync:2.5.2:*:*:*:*:*:*:*",
"matchCriteriaId": "D08AA818-CEF0-4EA8-BF6B-90A4F512E88C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:rsync:rsync:2.5.3:*:*:*:*:*:*:*",
"matchCriteriaId": "2AE611E6-4959-4011-A57A-6774F28D58D6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:rsync:rsync:2.5.4:*:*:*:*:*:*:*",
"matchCriteriaId": "7DEEFC01-69A5-4760-8052-FB8BA4B125F0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:rsync:rsync:2.5.5:*:*:*:*:*:*:*",
"matchCriteriaId": "A19ACD7B-B36E-42D7-B311-69CD4EF047F4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:rsync:rsync:2.5.6:*:*:*:*:*:*:*",
"matchCriteriaId": "1AA7F4E9-1ED4-4D2F-A0A2-F8D861AD108C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:rsync:rsync:2.5.7:*:*:*:*:*:*:*",
"matchCriteriaId": "8D9A038C-C0B8-416D-B103-5E66963065EE",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:rsync:rsync:2.6:*:*:*:*:*:*:*",
"matchCriteriaId": "3C1BB055-0489-42F7-9FC7-99EDDA7026DE",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:rsync:rsync:2.6.1:*:*:*:*:*:*:*",
"matchCriteriaId": "336FF990-61EE-4F6B-B4BC-D268DADD3D7F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:rsync:rsync:2.6.2:*:*:*:*:*:*:*",
"matchCriteriaId": "408FDC67-6862-4482-9DC4-E18AFFC3F7C0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:rsync:rsync:2.6.5:*:*:*:*:*:*:*",
"matchCriteriaId": "65282BE4-26FA-4E16-B1B1-1A4D82E7C6C2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:rsync:rsync:2.6.6:*:*:*:*:*:*:*",
"matchCriteriaId": "84537850-6D26-47D3-9888-810B8305BD3A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:rsync:rsync:2.6.7:*:*:*:*:*:*:*",
"matchCriteriaId": "8AD67864-2BED-42AD-985E-34058C07FEBA",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:rsync:rsync:2.6.8:*:*:*:*:*:*:*",
"matchCriteriaId": "382AFB02-339D-45BB-A60D-7C751F943762",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:rsync:rsync:2.6.9:*:*:*:*:*:*:*",
"matchCriteriaId": "32A205AF-8E75-4AD8-BE0F-EC6A9296D127",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "rsync before 3.0.0pre6, when running a writable rsync daemon that is not using chroot, allows remote attackers to access restricted files via unknown vectors that cause rsync to create a symlink that points outside of the module\u0027s hierarchy."
},
{
"lang": "es",
"value": "rsync, en versiones anteriores a la 3.0.0pre6. Cuando se ejecuta un demonio rsync en modo lectura-escritura que no use chroot, se permite as\u00ed que atacantes remotos accedan a ficheros de acceso restringido, usando vectores desconocidos que provocan que rsync cree un enlace simb\u00f3lico que apunta fuera de la jerarqu\u00eda de ficheros del m\u00f3dulo."
}
],
"id": "CVE-2007-6199",
"lastModified": "2025-04-09T00:30:58.490",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "HIGH",
"cvssData": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "COMPLETE",
"baseScore": 9.3,
"confidentialityImpact": "COMPLETE",
"integrityImpact": "COMPLETE",
"vectorString": "AV:N/AC:M/Au:N/C:C/I:C/A:C",
"version": "2.0"
},
"exploitabilityScore": 8.6,
"impactScore": 10.0,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
]
},
"published": "2007-12-01T06:46:00.000",
"references": [
{
"source": "cve@mitre.org",
"url": "http://lists.apple.com/archives/security-announce//2008/Jul/msg00003.html"
},
{
"source": "cve@mitre.org",
"url": "http://lists.opensuse.org/opensuse-security-announce/2008-01/msg00002.html"
},
{
"source": "cve@mitre.org",
"url": "http://rsync.samba.org/security.html#s3_0_0"
},
{
"source": "cve@mitre.org",
"url": "http://secunia.com/advisories/27853"
},
{
"source": "cve@mitre.org",
"tags": [
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/27863"
},
{
"source": "cve@mitre.org",
"url": "http://secunia.com/advisories/28412"
},
{
"source": "cve@mitre.org",
"url": "http://secunia.com/advisories/28457"
},
{
"source": "cve@mitre.org",
"url": "http://secunia.com/advisories/31326"
},
{
"source": "cve@mitre.org",
"url": "http://secunia.com/advisories/61005"
},
{
"source": "cve@mitre.org",
"url": "http://securitytracker.com/id?1019012"
},
{
"source": "cve@mitre.org",
"url": "http://support.f5.com/kb/en-us/solutions/public/15000/500/sol15549.html"
},
{
"source": "cve@mitre.org",
"url": "http://wiki.rpath.com/wiki/Advisories:rPSA-2007-0257"
},
{
"source": "cve@mitre.org",
"url": "http://www.mandriva.com/en/security/advisories?name=MDVSA-2008:011"
},
{
"source": "cve@mitre.org",
"url": "http://www.securityfocus.com/archive/1/487991/100/0/threaded"
},
{
"source": "cve@mitre.org",
"tags": [
"Patch"
],
"url": "http://www.securityfocus.com/bid/26638"
},
{
"source": "cve@mitre.org",
"url": "http://www.vupen.com/english/advisories/2007/4057"
},
{
"source": "cve@mitre.org",
"url": "http://www.vupen.com/english/advisories/2008/2268"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://lists.apple.com/archives/security-announce//2008/Jul/msg00003.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://lists.opensuse.org/opensuse-security-announce/2008-01/msg00002.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://rsync.samba.org/security.html#s3_0_0"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://secunia.com/advisories/27853"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/27863"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://secunia.com/advisories/28412"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://secunia.com/advisories/28457"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://secunia.com/advisories/31326"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://secunia.com/advisories/61005"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://securitytracker.com/id?1019012"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://support.f5.com/kb/en-us/solutions/public/15000/500/sol15549.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://wiki.rpath.com/wiki/Advisories:rPSA-2007-0257"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.mandriva.com/en/security/advisories?name=MDVSA-2008:011"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securityfocus.com/archive/1/487991/100/0/threaded"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch"
],
"url": "http://www.securityfocus.com/bid/26638"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.vupen.com/english/advisories/2007/4057"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.vupen.com/english/advisories/2008/2268"
}
],
"sourceIdentifier": "cve@mitre.org",
"vendorComments": [
{
"comment": "Red Hat does not consider this to be a security issue. Versions of rsync as shipped with Red Hat Enterprise Linux 2.1, 3, 4 and 5 behave as expected and that behavior was well documented.",
"lastModified": "2007-12-06T00:00:00",
"organization": "Red Hat"
}
],
"vulnStatus": "Deferred",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-16"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
FKIE_CVE-2007-6200
Vulnerability from fkie_nvd - Published: 2007-12-01 06:46 - Updated: 2025-04-09 00:30
Severity ?
Summary
Unspecified vulnerability in rsync before 3.0.0pre6, when running a writable rsync daemon, allows remote attackers to bypass exclude, exclude_from, and filter and read or write hidden files via (1) symlink, (2) partial-dir, (3) backup-dir, and unspecified (4) dest options.
References
| Source | URL | Tags | |
|---|---|---|---|
| cve@mitre.org | http://lists.apple.com/archives/security-announce//2008/Jul/msg00003.html | ||
| cve@mitre.org | http://lists.opensuse.org/opensuse-security-announce/2008-01/msg00002.html | ||
| cve@mitre.org | http://rsync.samba.org/security.html#s3_0_0 | Vendor Advisory | |
| cve@mitre.org | http://secunia.com/advisories/27853 | ||
| cve@mitre.org | http://secunia.com/advisories/27863 | Patch, Vendor Advisory | |
| cve@mitre.org | http://secunia.com/advisories/28412 | ||
| cve@mitre.org | http://secunia.com/advisories/28457 | ||
| cve@mitre.org | http://secunia.com/advisories/31326 | ||
| cve@mitre.org | http://securitytracker.com/id?1019012 | ||
| cve@mitre.org | http://wiki.rpath.com/wiki/Advisories:rPSA-2007-0257 | ||
| cve@mitre.org | http://www.mandriva.com/en/security/advisories?name=MDVSA-2008:011 | ||
| cve@mitre.org | http://www.redhat.com/support/errata/RHSA-2011-0999.html | ||
| cve@mitre.org | http://www.securityfocus.com/archive/1/487991/100/0/threaded | ||
| cve@mitre.org | http://www.securityfocus.com/bid/26639 | ||
| cve@mitre.org | http://www.vupen.com/english/advisories/2007/4057 | ||
| cve@mitre.org | http://www.vupen.com/english/advisories/2008/2268 | ||
| af854a3a-2127-422b-91ae-364da2661108 | http://lists.apple.com/archives/security-announce//2008/Jul/msg00003.html | ||
| af854a3a-2127-422b-91ae-364da2661108 | http://lists.opensuse.org/opensuse-security-announce/2008-01/msg00002.html | ||
| af854a3a-2127-422b-91ae-364da2661108 | http://rsync.samba.org/security.html#s3_0_0 | Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | http://secunia.com/advisories/27853 | ||
| af854a3a-2127-422b-91ae-364da2661108 | http://secunia.com/advisories/27863 | Patch, Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | http://secunia.com/advisories/28412 | ||
| af854a3a-2127-422b-91ae-364da2661108 | http://secunia.com/advisories/28457 | ||
| af854a3a-2127-422b-91ae-364da2661108 | http://secunia.com/advisories/31326 | ||
| af854a3a-2127-422b-91ae-364da2661108 | http://securitytracker.com/id?1019012 | ||
| af854a3a-2127-422b-91ae-364da2661108 | http://wiki.rpath.com/wiki/Advisories:rPSA-2007-0257 | ||
| af854a3a-2127-422b-91ae-364da2661108 | http://www.mandriva.com/en/security/advisories?name=MDVSA-2008:011 | ||
| af854a3a-2127-422b-91ae-364da2661108 | http://www.redhat.com/support/errata/RHSA-2011-0999.html | ||
| af854a3a-2127-422b-91ae-364da2661108 | http://www.securityfocus.com/archive/1/487991/100/0/threaded | ||
| af854a3a-2127-422b-91ae-364da2661108 | http://www.securityfocus.com/bid/26639 | ||
| af854a3a-2127-422b-91ae-364da2661108 | http://www.vupen.com/english/advisories/2007/4057 | ||
| af854a3a-2127-422b-91ae-364da2661108 | http://www.vupen.com/english/advisories/2008/2268 |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| slackware | slackware_linux | 8.1 | |
| slackware | slackware_linux | 9.0 | |
| slackware | slackware_linux | 9.1 | |
| slackware | slackware_linux | 10.0 | |
| slackware | slackware_linux | 10.1 | |
| slackware | slackware_linux | 10.2 | |
| slackware | slackware_linux | 11.0 | |
| slackware | slackware_linux | 12.0 | |
| rsync | rsync | 2.3.1 | |
| rsync | rsync | 2.3.2 | |
| rsync | rsync | 2.3.2_1.2alpha | |
| rsync | rsync | 2.3.2_1.2arm | |
| rsync | rsync | 2.3.2_1.2intel | |
| rsync | rsync | 2.3.2_1.2m68k | |
| rsync | rsync | 2.3.2_1.2ppc | |
| rsync | rsync | 2.3.2_1.2sparc | |
| rsync | rsync | 2.3.2_1.3 | |
| rsync | rsync | 2.4.0 | |
| rsync | rsync | 2.4.1 | |
| rsync | rsync | 2.4.3 | |
| rsync | rsync | 2.4.4 | |
| rsync | rsync | 2.4.5 | |
| rsync | rsync | 2.4.6 | |
| rsync | rsync | 2.4.8 | |
| rsync | rsync | 2.5.0 | |
| rsync | rsync | 2.5.1 | |
| rsync | rsync | 2.5.2 | |
| rsync | rsync | 2.5.3 | |
| rsync | rsync | 2.5.4 | |
| rsync | rsync | 2.5.5 | |
| rsync | rsync | 2.5.6 | |
| rsync | rsync | 2.5.7 | |
| rsync | rsync | 2.6 | |
| rsync | rsync | 2.6.1 | |
| rsync | rsync | 2.6.2 | |
| rsync | rsync | 2.6.5 | |
| rsync | rsync | 2.6.6 | |
| rsync | rsync | 2.6.7 | |
| rsync | rsync | 2.6.8 | |
| rsync | rsync | 2.6.9 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:slackware:slackware_linux:8.1:*:*:*:*:*:*:*",
"matchCriteriaId": "57F41B40-75E6-45C8-A5FB-8464C0B2D064",
"vulnerable": false
},
{
"criteria": "cpe:2.3:o:slackware:slackware_linux:9.0:*:*:*:*:*:*:*",
"matchCriteriaId": "300A6A65-05FD-401C-80F6-B5F5B1F056E0",
"vulnerable": false
},
{
"criteria": "cpe:2.3:o:slackware:slackware_linux:9.1:*:*:*:*:*:*:*",
"matchCriteriaId": "AA3D53C9-3806-45E6-8AE9-7D41280EF64C",
"vulnerable": false
},
{
"criteria": "cpe:2.3:o:slackware:slackware_linux:10.0:*:*:*:*:*:*:*",
"matchCriteriaId": "D29C5A03-A7C9-4780-BB63-CF1E874D018D",
"vulnerable": false
},
{
"criteria": "cpe:2.3:o:slackware:slackware_linux:10.1:*:*:*:*:*:*:*",
"matchCriteriaId": "B85EF0EE-3E61-4CA3-9F00-610AB2E1CFCF",
"vulnerable": false
},
{
"criteria": "cpe:2.3:o:slackware:slackware_linux:10.2:*:*:*:*:*:*:*",
"matchCriteriaId": "70440F49-AEE9-41BE-8E1A-43AB657C8E09",
"vulnerable": false
},
{
"criteria": "cpe:2.3:o:slackware:slackware_linux:11.0:*:*:*:*:*:*:*",
"matchCriteriaId": "74022B69-6557-4746-9080-24E4DDA44026",
"vulnerable": false
},
{
"criteria": "cpe:2.3:o:slackware:slackware_linux:12.0:*:*:*:*:*:*:*",
"matchCriteriaId": "2081CB54-130C-4A25-A2EE-42249DD6B3EB",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:rsync:rsync:2.3.1:*:*:*:*:*:*:*",
"matchCriteriaId": "393F7E04-2288-45FE-8971-CC1BA036CA95",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:rsync:rsync:2.3.2:*:*:*:*:*:*:*",
"matchCriteriaId": "60BF457A-B318-475D-950A-9D873C0C667C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:rsync:rsync:2.3.2_1.2alpha:*:*:*:*:*:*:*",
"matchCriteriaId": "8CB9C4CB-09D9-4258-846D-D43C0E8E0CEA",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:rsync:rsync:2.3.2_1.2arm:*:*:*:*:*:*:*",
"matchCriteriaId": "52CA63EE-0911-44AE-9901-FE46FB659D06",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:rsync:rsync:2.3.2_1.2intel:*:*:*:*:*:*:*",
"matchCriteriaId": "AF678D2B-CD03-4A19-90B4-36448E55943E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:rsync:rsync:2.3.2_1.2m68k:*:*:*:*:*:*:*",
"matchCriteriaId": "E454C988-08A3-4269-AC6A-2A975D288C56",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:rsync:rsync:2.3.2_1.2ppc:*:*:*:*:*:*:*",
"matchCriteriaId": "12BB68EF-28DF-4326-84A3-C215005FD3D3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:rsync:rsync:2.3.2_1.2sparc:*:*:*:*:*:*:*",
"matchCriteriaId": "41DC890B-3D3D-41DB-8380-5C290B708350",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:rsync:rsync:2.3.2_1.3:*:*:*:*:*:*:*",
"matchCriteriaId": "3C0E3499-E90D-40C6-B85A-6CC2312532C9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:rsync:rsync:2.4.0:*:*:*:*:*:*:*",
"matchCriteriaId": "C23042EA-1243-4786-8F76-CDB94E5B909B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:rsync:rsync:2.4.1:*:*:*:*:*:*:*",
"matchCriteriaId": "31F7C3A4-88F3-454F-9046-CA169FF12106",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:rsync:rsync:2.4.3:*:*:*:*:*:*:*",
"matchCriteriaId": "63756B36-3D03-4C2E-A1B6-AC45B045F94F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:rsync:rsync:2.4.4:*:*:*:*:*:*:*",
"matchCriteriaId": "BDF2B595-4AF1-471E-ADFD-FF8CB6F27EA8",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:rsync:rsync:2.4.5:*:*:*:*:*:*:*",
"matchCriteriaId": "FC820774-2B62-4B91-BC1A-EF6B81DD63C3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:rsync:rsync:2.4.6:*:*:*:*:*:*:*",
"matchCriteriaId": "4329E28A-F133-414B-98E5-F117C1B73711",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:rsync:rsync:2.4.8:*:*:*:*:*:*:*",
"matchCriteriaId": "FE1E7733-4A97-4817-8192-BDAA539AD2F7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:rsync:rsync:2.5.0:*:*:*:*:*:*:*",
"matchCriteriaId": "EEB2A38C-5971-4C38-A2A8-7B8FD44C3816",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:rsync:rsync:2.5.1:*:*:*:*:*:*:*",
"matchCriteriaId": "BCD479A6-7E13-41FB-B6D9-4CBA1459083B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:rsync:rsync:2.5.2:*:*:*:*:*:*:*",
"matchCriteriaId": "D08AA818-CEF0-4EA8-BF6B-90A4F512E88C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:rsync:rsync:2.5.3:*:*:*:*:*:*:*",
"matchCriteriaId": "2AE611E6-4959-4011-A57A-6774F28D58D6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:rsync:rsync:2.5.4:*:*:*:*:*:*:*",
"matchCriteriaId": "7DEEFC01-69A5-4760-8052-FB8BA4B125F0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:rsync:rsync:2.5.5:*:*:*:*:*:*:*",
"matchCriteriaId": "A19ACD7B-B36E-42D7-B311-69CD4EF047F4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:rsync:rsync:2.5.6:*:*:*:*:*:*:*",
"matchCriteriaId": "1AA7F4E9-1ED4-4D2F-A0A2-F8D861AD108C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:rsync:rsync:2.5.7:*:*:*:*:*:*:*",
"matchCriteriaId": "8D9A038C-C0B8-416D-B103-5E66963065EE",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:rsync:rsync:2.6:*:*:*:*:*:*:*",
"matchCriteriaId": "3C1BB055-0489-42F7-9FC7-99EDDA7026DE",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:rsync:rsync:2.6.1:*:*:*:*:*:*:*",
"matchCriteriaId": "336FF990-61EE-4F6B-B4BC-D268DADD3D7F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:rsync:rsync:2.6.2:*:*:*:*:*:*:*",
"matchCriteriaId": "408FDC67-6862-4482-9DC4-E18AFFC3F7C0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:rsync:rsync:2.6.5:*:*:*:*:*:*:*",
"matchCriteriaId": "65282BE4-26FA-4E16-B1B1-1A4D82E7C6C2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:rsync:rsync:2.6.6:*:*:*:*:*:*:*",
"matchCriteriaId": "84537850-6D26-47D3-9888-810B8305BD3A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:rsync:rsync:2.6.7:*:*:*:*:*:*:*",
"matchCriteriaId": "8AD67864-2BED-42AD-985E-34058C07FEBA",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:rsync:rsync:2.6.8:*:*:*:*:*:*:*",
"matchCriteriaId": "382AFB02-339D-45BB-A60D-7C751F943762",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:rsync:rsync:2.6.9:*:*:*:*:*:*:*",
"matchCriteriaId": "32A205AF-8E75-4AD8-BE0F-EC6A9296D127",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Unspecified vulnerability in rsync before 3.0.0pre6, when running a writable rsync daemon, allows remote attackers to bypass exclude, exclude_from, and filter and read or write hidden files via (1) symlink, (2) partial-dir, (3) backup-dir, and unspecified (4) dest options."
},
{
"lang": "es",
"value": "Vulnerabilidad no especificada en rsync, en versiones anteriores a la 3.0.0pre6, cuando se ejecuta un demonio rsync en modo lectura-escritura. Permite que atacantes remotos vulneren exclude, exclude_from, y filter, adem\u00e1s de poder leer y escribir archivos ocultos usando: (1) symlink, (2) partial-dir, (3) backup-dir, y (4) opciones dest sin especificar."
}
],
"id": "CVE-2007-6200",
"lastModified": "2025-04-09T00:30:58.490",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "HIGH",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "COMPLETE",
"baseScore": 10.0,
"confidentialityImpact": "COMPLETE",
"integrityImpact": "COMPLETE",
"vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 10.0,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
]
},
"published": "2007-12-01T06:46:00.000",
"references": [
{
"source": "cve@mitre.org",
"url": "http://lists.apple.com/archives/security-announce//2008/Jul/msg00003.html"
},
{
"source": "cve@mitre.org",
"url": "http://lists.opensuse.org/opensuse-security-announce/2008-01/msg00002.html"
},
{
"source": "cve@mitre.org",
"tags": [
"Vendor Advisory"
],
"url": "http://rsync.samba.org/security.html#s3_0_0"
},
{
"source": "cve@mitre.org",
"url": "http://secunia.com/advisories/27853"
},
{
"source": "cve@mitre.org",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/27863"
},
{
"source": "cve@mitre.org",
"url": "http://secunia.com/advisories/28412"
},
{
"source": "cve@mitre.org",
"url": "http://secunia.com/advisories/28457"
},
{
"source": "cve@mitre.org",
"url": "http://secunia.com/advisories/31326"
},
{
"source": "cve@mitre.org",
"url": "http://securitytracker.com/id?1019012"
},
{
"source": "cve@mitre.org",
"url": "http://wiki.rpath.com/wiki/Advisories:rPSA-2007-0257"
},
{
"source": "cve@mitre.org",
"url": "http://www.mandriva.com/en/security/advisories?name=MDVSA-2008:011"
},
{
"source": "cve@mitre.org",
"url": "http://www.redhat.com/support/errata/RHSA-2011-0999.html"
},
{
"source": "cve@mitre.org",
"url": "http://www.securityfocus.com/archive/1/487991/100/0/threaded"
},
{
"source": "cve@mitre.org",
"url": "http://www.securityfocus.com/bid/26639"
},
{
"source": "cve@mitre.org",
"url": "http://www.vupen.com/english/advisories/2007/4057"
},
{
"source": "cve@mitre.org",
"url": "http://www.vupen.com/english/advisories/2008/2268"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://lists.apple.com/archives/security-announce//2008/Jul/msg00003.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://lists.opensuse.org/opensuse-security-announce/2008-01/msg00002.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://rsync.samba.org/security.html#s3_0_0"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://secunia.com/advisories/27853"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/27863"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://secunia.com/advisories/28412"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://secunia.com/advisories/28457"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://secunia.com/advisories/31326"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://securitytracker.com/id?1019012"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://wiki.rpath.com/wiki/Advisories:rPSA-2007-0257"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.mandriva.com/en/security/advisories?name=MDVSA-2008:011"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.redhat.com/support/errata/RHSA-2011-0999.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securityfocus.com/archive/1/487991/100/0/threaded"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securityfocus.com/bid/26639"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.vupen.com/english/advisories/2007/4057"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.vupen.com/english/advisories/2008/2268"
}
],
"sourceIdentifier": "cve@mitre.org",
"vendorComments": [
{
"comment": "Red Hat is aware of this issue and is tracking it via the following bug: https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=CVE-2007-6200\n\nThe Red Hat Security Response Team has rated this issue as having low security impact, a future update may address this flaw.",
"lastModified": "2007-12-06T00:00:00",
"organization": "Red Hat"
}
],
"vulnStatus": "Deferred",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-264"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
FKIE_CVE-2007-4091
Vulnerability from fkie_nvd - Published: 2007-08-16 00:17 - Updated: 2025-04-09 00:30
Severity ?
Summary
Multiple off-by-one errors in the sender.c in rsync 2.6.9 might allow remote attackers to execute arbitrary code via directory names that are not properly handled when calling the f_name function.
References
| Source | URL | Tags | |
|---|---|---|---|
| cve@mitre.org | http://article.gmane.org/gmane.linux.debian.devel.bugs.general/291908 | ||
| cve@mitre.org | http://c-skills.blogspot.com/2007/08/cve-2007-4091.html | ||
| cve@mitre.org | http://secunia.com/advisories/26493 | ||
| cve@mitre.org | http://secunia.com/advisories/26518 | ||
| cve@mitre.org | http://secunia.com/advisories/26537 | ||
| cve@mitre.org | http://secunia.com/advisories/26543 | ||
| cve@mitre.org | http://secunia.com/advisories/26548 | ||
| cve@mitre.org | http://secunia.com/advisories/26634 | ||
| cve@mitre.org | http://secunia.com/advisories/26822 | ||
| cve@mitre.org | http://secunia.com/advisories/26911 | ||
| cve@mitre.org | http://secunia.com/advisories/27896 | ||
| cve@mitre.org | http://secunia.com/advisories/61039 | ||
| cve@mitre.org | http://security.gentoo.org/glsa/glsa-200709-13.xml | ||
| cve@mitre.org | http://slackware.com/security/viewer.php?l=slackware-security&y=2007&m=slackware-security.481089 | ||
| cve@mitre.org | http://support.f5.com/kb/en-us/solutions/public/15000/500/sol15548.html | ||
| cve@mitre.org | http://www.debian.org/security/2007/dsa-1360 | ||
| cve@mitre.org | http://www.novell.com/linux/security/advisories/2007_17_sr.html | ||
| cve@mitre.org | http://www.securityfocus.com/archive/1/477628/100/0/threaded | ||
| cve@mitre.org | http://www.securityfocus.com/bid/25336 | ||
| cve@mitre.org | http://www.trustix.org/errata/2007/0026/ | ||
| cve@mitre.org | http://www.ubuntu.com/usn/usn-500-1 | ||
| cve@mitre.org | http://www.vupen.com/english/advisories/2007/2915 | ||
| cve@mitre.org | https://exchange.xforce.ibmcloud.com/vulnerabilities/36072 | ||
| cve@mitre.org | https://issues.rpath.com/browse/RPL-1647 | ||
| af854a3a-2127-422b-91ae-364da2661108 | http://article.gmane.org/gmane.linux.debian.devel.bugs.general/291908 | ||
| af854a3a-2127-422b-91ae-364da2661108 | http://c-skills.blogspot.com/2007/08/cve-2007-4091.html | ||
| af854a3a-2127-422b-91ae-364da2661108 | http://secunia.com/advisories/26493 | ||
| af854a3a-2127-422b-91ae-364da2661108 | http://secunia.com/advisories/26518 | ||
| af854a3a-2127-422b-91ae-364da2661108 | http://secunia.com/advisories/26537 | ||
| af854a3a-2127-422b-91ae-364da2661108 | http://secunia.com/advisories/26543 | ||
| af854a3a-2127-422b-91ae-364da2661108 | http://secunia.com/advisories/26548 | ||
| af854a3a-2127-422b-91ae-364da2661108 | http://secunia.com/advisories/26634 | ||
| af854a3a-2127-422b-91ae-364da2661108 | http://secunia.com/advisories/26822 | ||
| af854a3a-2127-422b-91ae-364da2661108 | http://secunia.com/advisories/26911 | ||
| af854a3a-2127-422b-91ae-364da2661108 | http://secunia.com/advisories/27896 | ||
| af854a3a-2127-422b-91ae-364da2661108 | http://secunia.com/advisories/61039 | ||
| af854a3a-2127-422b-91ae-364da2661108 | http://security.gentoo.org/glsa/glsa-200709-13.xml | ||
| af854a3a-2127-422b-91ae-364da2661108 | http://slackware.com/security/viewer.php?l=slackware-security&y=2007&m=slackware-security.481089 | ||
| af854a3a-2127-422b-91ae-364da2661108 | http://support.f5.com/kb/en-us/solutions/public/15000/500/sol15548.html | ||
| af854a3a-2127-422b-91ae-364da2661108 | http://www.debian.org/security/2007/dsa-1360 | ||
| af854a3a-2127-422b-91ae-364da2661108 | http://www.novell.com/linux/security/advisories/2007_17_sr.html | ||
| af854a3a-2127-422b-91ae-364da2661108 | http://www.securityfocus.com/archive/1/477628/100/0/threaded | ||
| af854a3a-2127-422b-91ae-364da2661108 | http://www.securityfocus.com/bid/25336 | ||
| af854a3a-2127-422b-91ae-364da2661108 | http://www.trustix.org/errata/2007/0026/ | ||
| af854a3a-2127-422b-91ae-364da2661108 | http://www.ubuntu.com/usn/usn-500-1 | ||
| af854a3a-2127-422b-91ae-364da2661108 | http://www.vupen.com/english/advisories/2007/2915 | ||
| af854a3a-2127-422b-91ae-364da2661108 | https://exchange.xforce.ibmcloud.com/vulnerabilities/36072 | ||
| af854a3a-2127-422b-91ae-364da2661108 | https://issues.rpath.com/browse/RPL-1647 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:rsync:rsync:2.6.9:*:*:*:*:*:*:*",
"matchCriteriaId": "32A205AF-8E75-4AD8-BE0F-EC6A9296D127",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Multiple off-by-one errors in the sender.c in rsync 2.6.9 might allow remote attackers to execute arbitrary code via directory names that are not properly handled when calling the f_name function."
},
{
"lang": "es",
"value": "M\u00faltiples errores de superaci\u00f3n de l\u00edmite (off-by-one) en sender.c de rsync 2.6.9 podr\u00eda permitir a atacantes remotos ejecutar c\u00f3digo de su elecci\u00f3n mediante nombres de directorio que no son manejados adecuadamente al llamar a la funci\u00f3n f_name."
}
],
"id": "CVE-2007-4091",
"lastModified": "2025-04-09T00:30:58.490",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 6.8,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
"exploitabilityScore": 8.6,
"impactScore": 6.4,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": true,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
]
},
"published": "2007-08-16T00:17:00.000",
"references": [
{
"source": "cve@mitre.org",
"url": "http://article.gmane.org/gmane.linux.debian.devel.bugs.general/291908"
},
{
"source": "cve@mitre.org",
"url": "http://c-skills.blogspot.com/2007/08/cve-2007-4091.html"
},
{
"source": "cve@mitre.org",
"url": "http://secunia.com/advisories/26493"
},
{
"source": "cve@mitre.org",
"url": "http://secunia.com/advisories/26518"
},
{
"source": "cve@mitre.org",
"url": "http://secunia.com/advisories/26537"
},
{
"source": "cve@mitre.org",
"url": "http://secunia.com/advisories/26543"
},
{
"source": "cve@mitre.org",
"url": "http://secunia.com/advisories/26548"
},
{
"source": "cve@mitre.org",
"url": "http://secunia.com/advisories/26634"
},
{
"source": "cve@mitre.org",
"url": "http://secunia.com/advisories/26822"
},
{
"source": "cve@mitre.org",
"url": "http://secunia.com/advisories/26911"
},
{
"source": "cve@mitre.org",
"url": "http://secunia.com/advisories/27896"
},
{
"source": "cve@mitre.org",
"url": "http://secunia.com/advisories/61039"
},
{
"source": "cve@mitre.org",
"url": "http://security.gentoo.org/glsa/glsa-200709-13.xml"
},
{
"source": "cve@mitre.org",
"url": "http://slackware.com/security/viewer.php?l=slackware-security\u0026y=2007\u0026m=slackware-security.481089"
},
{
"source": "cve@mitre.org",
"url": "http://support.f5.com/kb/en-us/solutions/public/15000/500/sol15548.html"
},
{
"source": "cve@mitre.org",
"url": "http://www.debian.org/security/2007/dsa-1360"
},
{
"source": "cve@mitre.org",
"url": "http://www.novell.com/linux/security/advisories/2007_17_sr.html"
},
{
"source": "cve@mitre.org",
"url": "http://www.securityfocus.com/archive/1/477628/100/0/threaded"
},
{
"source": "cve@mitre.org",
"url": "http://www.securityfocus.com/bid/25336"
},
{
"source": "cve@mitre.org",
"url": "http://www.trustix.org/errata/2007/0026/"
},
{
"source": "cve@mitre.org",
"url": "http://www.ubuntu.com/usn/usn-500-1"
},
{
"source": "cve@mitre.org",
"url": "http://www.vupen.com/english/advisories/2007/2915"
},
{
"source": "cve@mitre.org",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/36072"
},
{
"source": "cve@mitre.org",
"url": "https://issues.rpath.com/browse/RPL-1647"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://article.gmane.org/gmane.linux.debian.devel.bugs.general/291908"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://c-skills.blogspot.com/2007/08/cve-2007-4091.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://secunia.com/advisories/26493"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://secunia.com/advisories/26518"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://secunia.com/advisories/26537"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://secunia.com/advisories/26543"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://secunia.com/advisories/26548"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://secunia.com/advisories/26634"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://secunia.com/advisories/26822"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://secunia.com/advisories/26911"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://secunia.com/advisories/27896"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://secunia.com/advisories/61039"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://security.gentoo.org/glsa/glsa-200709-13.xml"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://slackware.com/security/viewer.php?l=slackware-security\u0026y=2007\u0026m=slackware-security.481089"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://support.f5.com/kb/en-us/solutions/public/15000/500/sol15548.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.debian.org/security/2007/dsa-1360"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.novell.com/linux/security/advisories/2007_17_sr.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securityfocus.com/archive/1/477628/100/0/threaded"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securityfocus.com/bid/25336"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.trustix.org/errata/2007/0026/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.ubuntu.com/usn/usn-500-1"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.vupen.com/english/advisories/2007/2915"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/36072"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://issues.rpath.com/browse/RPL-1647"
}
],
"sourceIdentifier": "cve@mitre.org",
"vendorComments": [
{
"comment": "Not vulnerable. This flaw did not affect Red Hat Enterprise Linux 2.1, 3, or 4 due to the version of rsync.\n\nThis flaw does exist in Red Hat Enterprise Linux 5, but due to the nature of the flaw it is not exploitable with any security consequence due to stack-protector.",
"lastModified": "2007-08-22T00:00:00",
"organization": "Red Hat"
}
],
"vulnStatus": "Deferred",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "NVD-CWE-Other"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}